Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox < 3.6.24 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox earlier than 3.6.24 are potentially affected by multiple vulnerabilities :

- A flaw exists within the 'JSSubScriptLoader' that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an attacker could exploit this issue to execute arbitrary code. (CVE-2011-3647) - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting (XSS) attacks. (CVE-2011-3648) - Profiling JavaScript files with many functions can cause the application to crash. It may be possible to trigger this behavior even when the debugging APIs are not being used. (CVE-2011-3650)

Solution

Upgrade to Firefox 3.6.24 or later.